Archive for Security

Data Security in a Digital World

Some may remember a post a few months ago in which I discussed ways that you can secure your laptop’s personal data using the open source encryption solution TrueCrypt. I then took our security journey a step further in this post where I explored similar options to secure your data on external drives. Finally, I even touched on the importance of encrypting your data when using an off-site backup solution like Mozy.

So, why all the emphasis on data security and encryption? Well, you would have to be living a pretty isolated life not to realize that identity theft rates have been climbing to all-time highs. Additionally, we store, transmit, manipulate and share data in more transparent ways than ever before. In fact, many are often unpleasantly surprised to learn where their personal information may be stored in the clear for the taking.

While there are some state laws for how and when victims of a data breach should be notified, once a breach has occurred that data is in the wild, with little that you can do to protect yourself, your family and your identity. That leaves us to do what we can to protect ourselves. Hence, my short series on data encryption and taking personal responsibility to protect your data.

Equifax
To report fraud, call (800) 525-6285 or write to P.O. Box 740250, Atlanta, GA 30374-0250.

Experian (formerly TRW)
To report fraud, call (888) EXPERIAN or (888) 397-3742, fax to (800) 301-7196, or write to P.O. Box 1017, Allen, TX 75013.

Trans Union
To report fraud, call (800) 680-7289 or write to P.O. Box 6790, Fullerton, CA 92634.

It is my hope that the tips, tricks and solutions that I’ve presented will help to motivate you to safeguard your information. As I’ve demonstrated, with a little bit of preventative effort, you too can rest a little more easily knowing that if you leave your laptop on the train or your flash drive falls into the back seat of the cab, your data will be safer than ever before.


Infected out of the box?

I have spent some time thinking about how to make my portable computing smaller, easier and more efficient. In fact, I’ve even posted a few tips. However, as with most things related to the cyber world: the easier, more portable and convenient things get for the consumer, the easier and more convenient they become for the black hats, wannabe hackers/crackers and others who wish to spoil our digital life.

Case in point is the most recent disturbing trend of hard drives, flash drives and compact flash cards that have preinstalled malware before they even reach your shopping bag. In fact, in some cases the bug-riddled hardware may even be given away free at conferences. That free flash drive may cost you dearly, however. So, are the vendors biting the hand that feeds them? Probably not. However, insecure supply chains and retailer return policies that place opened, and sometimes infected, hardware back on the shelves may be partially to blame.

So, what can you do to protect your valuable data assets? Here are a few of the tips I practice myself and recommend that clients consider:

  1. Turn off autorun options in your Windows-based boxes. Here is a brief how-to from Microsoft.
  2. Do not accept a freebie flash drive from anyone, especially those who look out of place or are not associated with a reputable vendor.
  3. When connecting your new USB storage device, isolate the computer that you will connect it to from the rest of your network.
  4. Immediately reformat the device to clean off any potential malware.

Hopefully, these tips will help keep you and your data safe. Do you have other tips? If so, please share!

Fighting Spam w/ .htaccess

Anyone who has an email address within or on a web site knows all too well what a spam magnet that can be. According to one recent study, spam made up 95% of all email traffic in 2007. Spammers often use automatic email slurping robots (bots for short) to slurp up that address to feed their spam spewing machines. Of course there are good bots, like search engine bots, that actually help your site. So, the question becomes: how do you let those you want to have access to your email address, like potential customers, see it while defending yourself from the mailbox-filling spam?

There are many ways to use coding techniques to “hide” your address from bad bots while allowing legitimate visitors to see and use your addresses. While they can be effective, they are sometimes complicated, CPU intensive and sometimes require that potential customers jump through extra hoops to send you a message. So, in a quest for another and hopefully easier solution that reaps similar benefits, I turned to the often ignored yet powerful tiny text file .htaccess. Acting as a gatekeeper, .htaccess can allow or deny access to your website based on many variables. Most often, it is used to secure private folders on your server.

After some research, tweaking and trial and error, I have begun testing a small .htaccess file that seems to have the desired effect. While nothing is foolproof as spammers keep getting more creative, and my testing period has been short, this short yet sweet formula may be the beginning of a less spam-filled mailbox:

# Tag requests whose User-Agent starts with a known harvester name (case-insensitive)
SetEnvIfNoCase User-Agent "^CherryPicker" bad_bot
SetEnvIfNoCase User-Agent "^Crescent" bad_bot
SetEnvIfNoCase User-Agent "^EmailCollector" bad_bot
SetEnvIfNoCase User-Agent "^EmailSiphon" bad_bot
SetEnvIfNoCase User-Agent "^EmailWolf" bad_bot
SetEnvIfNoCase User-Agent "^ExtractorPro" bad_bot
SetEnvIfNoCase User-Agent "^NICErsPRO" bad_bot
SetEnvIfNoCase User-Agent "^Website\ eXtractor" bad_bot

# Deny tagged requests, allow everyone else (Apache 2.2 syntax; needs mod_access_compat on 2.4)
<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</Limit>

I’d be very interested in what others have hidden in their .htaccess file.
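
To see what these rules do and do not catch before relying on them, the following added example (not part of the original post) replays the same patterns against constructed requests. It assumes Python's `re` behaves like Apache's regex engine for these simple patterns and that `GET` in `<Limit>` also covers `HEAD`; the sample User-Agent strings are made up.

```python
import re

# The page's rules, written with the straight quotes Apache expects.
HTACCESS = r'''
SetEnvIfNoCase User-Agent "^CherryPicker" bad_bot
SetEnvIfNoCase User-Agent "^Crescent" bad_bot
SetEnvIfNoCase User-Agent "^EmailCollector" bad_bot
SetEnvIfNoCase User-Agent "^EmailSiphon" bad_bot
SetEnvIfNoCase User-Agent "^EmailWolf" bad_bot
SetEnvIfNoCase User-Agent "^ExtractorPro" bad_bot
SetEnvIfNoCase User-Agent "^NICErsPRO" bad_bot
SetEnvIfNoCase User-Agent "^Website\ eXtractor" bad_bot
'''

RULE = re.compile(r'^\s*SetEnvIfNoCase\s+User-Agent\s+"([^"]+)"\s+(\w+)\s*$')
# <Limit GET POST> scopes the Deny to these methods (assumption: HEAD counts as GET).
LIMITED_METHODS = {"GET", "HEAD", "POST"}

def load_rules(text):
    """Return (compiled_regex, env_var) pairs, one per SetEnvIfNoCase line."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if m:  # "NoCase" means the pattern is matched case-insensitively
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def is_denied(method, user_agent, rules):
    """Model 'Deny from env=bad_bot' inside <Limit GET POST>."""
    flagged = any(rx.search(user_agent) for rx, env in rules if env == "bad_bot")
    return flagged and method in LIMITED_METHODS

# Constructed sample requests (method, User-Agent); not real log data.
SAMPLES = [
    ("GET", "EmailSiphon"),
    ("GET", "emailsiphon/1.0"),
    ("POST", "Website eXtractor 9.0"),
    ("GET", "Mozilla/4.0 (compatible; EmailSiphon)"),
    ("GET", "Mozilla/5.0 (compatible; Googlebot/2.1)"),
    ("OPTIONS", "EmailCollector"),
]

def audit(samples=SAMPLES):
    """Return (method, user_agent, denied) for each sample request."""
    rules = load_rules(HTACCESS)
    return [(m, ua, is_denied(m, ua, rules)) for m, ua in samples]

if __name__ == "__main__":
    for method, ua, denied in audit():
        print(f"{'DENY ' if denied else 'ALLOW'} {method:7} {ua}")
```

The fourth sample is allowed because every pattern is anchored with `^`, so a name appearing later in the User-Agent string is not matched, and the last is allowed because `OPTIONS` falls outside `<Limit GET POST>`.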

Friday, November 21, 2008